Abusing Commodity DRAMs in IoT Devices to Remotely Spy on Temperature

The ubiquity and pervasiveness of modern Internet of Things (IoT) devices opens up vast possibilities for novel applications, but simultaneously also allows spying on, and collecting data from, unsuspecting users to a previously unseen extent. This paper details a new attack form in this vein, in which the decay properties of widespread, off-the-shelf DRAM modules are exploited to accurately spy on the temperature in the vicinity of the DRAM-carrying device. Among others, this enables adversaries to remotely and purely digitally spy on personal behavior in users' private homes, or to collect security-critical data in server farms, cloud storage centers, or commercial production lines. We demonstrate that our attack can be performed by merely compromising the software of an IoT device and does not require hardware modifications or physical access at attack time. It can achieve temperature resolutions of up to 0.5 degrees C over a range of 0 degrees C to 70 degrees C in practice. The presented attack works in devices that do not have a dedicated temperature sensor on board; as the DRAM modules already present in the device are abused to spy on the temperature. To complete the work, the paper discusses practical attack scenarios as well as possible countermeasures against the new temperature-spying attacks.